Export limit exceeded: 338616 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 338616 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (3 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-31815 2 Django-commons, Django-unicorn 2 Django-unicorn, Unicorn 2026-03-18 5.3 Medium
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
CVE-2021-42134 1 Django-unicorn 1 Unicorn 2024-11-21 6.1 Medium
The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.
CVE-2021-42053 1 Django-unicorn 1 Unicorn 2024-11-21 5.4 Medium
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.